Dailydave mailing list archives

Re: News, dumbug, prediction rebuttals.

From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 22 Dec 2005 12:23:42 -0800

Dave Aitel wrote:

IMO, intense auditing is really just a warm up. OpenSSH is the most
intensely audited code on the planet and it still has problems that
require them to change their architecture to avoid exposing too much
code to the pre-auth world.

Is it really "require", or are they simply doing more paranoid things,which have served them well in the past?

OpenSSL and zlib should really be the most intensely audited code, theyget linked into just about everything.

BB

Current thread:

News, dumbug, prediction rebuttals. Dave Aitel (Dec 21)
- Message not available
  - Re: News, dumbug, prediction rebuttals. Dave Aitel (Dec 21)
- Re: News, dumbug, prediction rebuttals. Anton Chuvakin (Dec 21)
  - Re: News, dumbug, prediction rebuttals. David J. Bianco (Dec 21)
    - Re: News, dumbug, prediction rebuttals. Anton Chuvakin (Dec 22)
    - Message not available
    - Re: News, dumbug, prediction rebuttals. Anton Chuvakin (Dec 23)
    - Message not available
    - Re: News, dumbug, prediction rebuttals. Anton Chuvakin (Dec 23)
- Re: News, dumbug, prediction rebuttals. Florian Weimer (Dec 22)
- Message not available
  - Re: News, dumbug, prediction rebuttals. Dave Aitel (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Florian Weimer (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Blue Boar (Dec 22)
    - Re: News, dumbug, prediction rebuttals. Adam Shostack (Dec 22)
    - Re: News, dumbug, prediction rebuttals. plonky (Dec 22)
    - Message not available
    - Re: News, dumbug, prediction rebuttals. plonky (Dec 23)
- <Possible follow-ups>
- Re: News, dumbug, prediction rebuttals. sgc (Dec 22)
- RE: News, dumbug, prediction rebuttals. Marc Maiffret (Dec 27)